B3: Privacy Is a Business Continuity Issue Too
Steve Ross, Risk Masters, Inc.
Business Continuity Managers should be concerned about data privacy. Every Business Continuity Plan that contains contact information for key managers and staff is a potential privacy violation unless specific safeguards are observed. Moreover, the files that are used for backup and recovery are subject to the same privacy requirements (such as the right to be forgotten) as the primary databases. Also, responding to privacy breaches can be very disruptive. Organizations should prepare to minimize the impact of system unavailability, investigations, audits, and access limitations on normal business operations. This presentation will address these and other issues and offer practical guidance on implementing measures to comply with recent legislation and to ensure that the Business Continuity Management function is not contributing to an organization’s privacy exposure. These include identification of repositories of personally identifiable information (PII), assessment of the uses to which they are put, obtaining consent from those whose contact information is needed for recovery, and monitoring the use of relevant files.
B4: Planning for Protests and Civil Unrest – Case Studies and Lessons Learned
Suzanne Bernier, SB Consulting
The emerging threat of protests, riots, and civil unrest during mass gatherings has become a disturbing reality across the globe. This session will highlight the various types of threats to critical infrastructure that could occur during mass gatherings and the types of plans that should be in place to mitigate and respond to civil disturbances. During this session, attendees will be presented with lessons learned from recent protests and civil disturbances that have occurred around the globe. The learning objectives of this session include:
– How to identify various types of threats to critical infrastructure that could occur during mass gatherings
– How to develop mitigation and response plans in advance of possible protests and civil unrest that could threaten critical infrastructure
C2: Conducting Joint BC/DR Testing With Third-Party Service Providers and What to Do If They Don’t Offer Joint Testing
Carlo Kelejian, Continuity Innovations
Third-party service providers deliver critical services to organizations, and joint BC/DR testing should be included in your enterprise-wide exercise and BC/DR testing program. Organizations need assurance that all third-party service providers they decide to partner with are resilient, reliable, and transparent. These providers should also have adequate plans in place, sound risk management programs, solid infrastructure, and personnel to restore critical outsourced services consistent with business and contractual requirements. In this session, we will discuss how to work with your third-party service providers to conduct joint BC/DR tests to validate the effectiveness of their BC/DR plans. We will also cover what to do if your third-party service providers do not offer joint testing. Attend this session to explore the steps you can take to mitigate risks associated with outsourcing critical services.
D2: Data-Driven Decision-Making: How Operational Resilience Helps to Make Smarter Decisions
Tejas Katwala, Continuity Logic
Organizations now have more access to operational data than ever before. But what happens to this data – do you let it degrade over time, or are you using it to improve resilience and decision making?
E1: Organizational Resilience Is Hard: The Soft Skills to Make It a Success
Alex Fullick, Stone Road
COVID has proven that to be resilient you must look beyond usual ‘response’ mechanisms – BCM, IT DRP, Incident Management, Crisis Management – and look at the secret to the success of resiliency: people. We must understand people, their well-being, empowerment, contribution, and their own level of resilience.